Bug 191353

Summary: [GTK] Crash when running with sandbox enabled
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKitGTK Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, mcatanzaro
Priority: P2 Keywords: Gtk
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mcatanzaro: review+

Description Carlos Garcia Campos 2018-11-07 01:39:48 PST
Thread 1 "MiniBrowser" received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:93
93	../sysdeps/x86_64/multiarch/strlen-avx2.S: No existe el fichero o el directorio.
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:93
#1  0x00007ffff14084c1 in g_key_file_parse_string_as_value (key_file=key_file@entry=0x555555c38f80, string=0x2f7273752f3a6769 <error: Cannot access memory at address 0x2f7273752f3a6769>, 
    escape_separator=escape_separator@entry=1) at gkeyfile.c:4340
#2  0x00007ffff140b6fc in g_key_file_set_string_list (key_file=0x555555c38f80, group_name=0x7ffff70b8d7a "Context", key=0x7ffff70bbe81 "shared", list=0x7fffffffcea0, length=8)
    at gkeyfile.c:2129
#3  0x00007ffff527e94f in WebKit::bubblewrapSpawn(_GSubprocessLauncher*, WebKit::ProcessLauncher::LaunchOptions const&, char**, _GError**) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007ffff52834a3 in WebKit::ProcessLauncher::launchProcess() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007ffff5133e08 in WebKit::ChildProcessProxy::connect() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007ffff51b738e in WebKit::WebProcessProxy::create(WebKit::WebProcessPool&, WebKit::WebsiteDataStore&, WebKit::WebProcessProxy::IsPrewarmed) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007ffff5199d45 in WebKit::WebProcessPool::createNewWebProcess(WebKit::WebsiteDataStore&, WebKit::WebProcessProxy::IsPrewarmed) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007ffff519ceb4 in WebKit::WebProcessPool::createWebPage(WebKit::PageClient&, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007ffff5251c83 in webkitWebViewBaseCreateWebPage(_WebKitWebViewBase*, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007ffff522ee54 in webkitWebContextCreatePageForWebView(_WebKitWebContext*, _WebKitWebView*, _WebKitUserContentManager*, _WebKitWebView*) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007ffff5235ec0 in webkitWebViewConstructed(_GObject*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007ffff16f10b0 in g_object_new_internal (class=class@entry=0x555555c102c0, params=params@entry=0x7fffffffd680, n_params=n_params@entry=4) at gobject.c:1845
#13 0x00007ffff16f2c60 in g_object_new_valist (object_type=<optimized out>, first_property_name=<optimized out>, var_args=var_args@entry=0x7fffffffd7c8) at gobject.c:2128
#14 0x00007ffff16f2fbc in g_object_new (object_type=<optimized out>, first_property_name=<optimized out>) at gobject.c:1648
#15 0x00005555555617ca in main ()

This is in createFlatpakInfo() because g_key_file_set_string_list() is receiving a non-null-terminated array.
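Added example (not part of this bug report, and not code from WebKit or GLib): a small C program, written without a GLib dependency so it builds on its own, that shows two things a triager would want from the backtrace above. First, the `string` argument in frame #1 (0x2f7273752f3a6769) is not a pointer at all: read as little-endian bytes it is the ASCII text "ig:/usr/", the signature of a loop that walked past the end of a char* array into the string data stored next to it. Second, a modelled version of the loop inside g_key_file_set_string_list() that refuses to run past a NULL terminator, next to a g_strv_length()-style counter that derives the length from the terminator instead of computing it separately. The `shared` list and the wrong length values in main() are constructed for illustration, not taken from createFlatpakInfo(); the function names `pointer_as_ascii`, `strv_length` and `checked_string_list_size` are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reinterpret a 64-bit "pointer" argument from a crash frame as the eight
 * bytes it occupies in memory (little-endian, as on x86_64). If every byte
 * is printable ASCII the value was string data read as a pointer, which is
 * what happens when a loop walks past the end of a char* array into the
 * strings stored next to it. Fills out[] (non-printable bytes become '.')
 * and returns how many of the eight bytes were printable. */
size_t pointer_as_ascii(uint64_t value, char out[9])
{
    size_t printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char c = (unsigned char)(value >> (8 * i));
        if (c >= 0x20 && c < 0x7f) {
            out[i] = (char)c;
            printable++;
        } else {
            out[i] = '.';
        }
    }
    out[8] = '\0';
    return printable;
}

/* Number of entries in a NULL-terminated string array (the contract of
 * GLib's g_strv_length(), reimplemented here so the file builds without
 * GLib). Deriving the length from the terminator, instead of computing it
 * separately, removes the chance of the two disagreeing. */
size_t strv_length(const char *const *strv)
{
    size_t n = 0;
    while (strv[n])
        n++;
    return n;
}

/* Model of the loop in g_key_file_set_string_list(): it trusts `length`
 * and calls strlen() on each of the first `length` entries. This version
 * stops at a NULL entry instead of reading past the terminator and returns
 * (size_t)-1, the signal a caller would want before handing a questionable
 * (list, length) pair to GLib. Otherwise it returns the number of bytes the
 * joined value needs (one separator or NUL per entry). It only protects
 * NULL-terminated arrays; for an unterminated one an overlong length is
 * still an out-of-bounds read. */
size_t checked_string_list_size(const char *const *list, size_t length)
{
    size_t total = 0;
    for (size_t i = 0; i < length; i++) {
        if (!list[i])
            return (size_t)-1;
        total += strlen(list[i]) + 1;
    }
    return total;
}

int main(void)
{
    /* Values of the `string` and `key_file` arguments in frame #1 of the
     * report: the first decodes to text, the second (a real heap pointer)
     * does not. */
    char text[9];
    size_t printable = pointer_as_ascii(0x2f7273752f3a6769ULL, text);
    printf("string=0x2f7273752f3a6769 as bytes: \"%s\" (%zu/8 printable)\n",
           text, printable);
    printable = pointer_as_ascii(0x0000555555c38f80ULL, text);
    printf("key_file=0x555555c38f80 as bytes: \"%s\" (%zu/8 printable)\n",
           text, printable);

    /* Constructed list (not WebKit's): one entry plus the NULL terminator,
     * with the correct count and two common ways of getting it wrong. */
    static const char *const shared[] = { "network", NULL };
    size_t counted = strv_length(shared);                        /* 1 */
    size_t with_terminator = sizeof(shared) / sizeof(shared[0]); /* 2 */
    size_t in_bytes = sizeof(shared);                            /* 16 */

    printf("strv_length: %zu -> %zu bytes\n", counted,
           checked_string_list_size(shared, counted));
    printf("array elements incl. NULL: %zu -> %s\n", with_terminator,
           checked_string_list_size(shared, with_terminator) == (size_t)-1
               ? "rejected" : "ok");
    printf("sizeof(array): %zu -> %s\n", in_bytes,
           checked_string_list_size(shared, in_bytes) == (size_t)-1
               ? "rejected" : "ok");
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c` and run it; no GLib headers are needed. The decode step is the quick way to confirm from a backtrace alone that a bogus pointer argument came from over-reading a pointer array rather than from a freed or uninitialised pointer, and the counting helper is the pattern that keeps the list and its length from drifting apart.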
Comment 1 Carlos Garcia Campos 2018-11-07 01:43:59 PST
Created attachment 354074 [details]
Patch
Comment 2 Carlos Garcia Campos 2018-11-08 00:29:04 PST
Committed r237982: <https://trac.webkit.org/changeset/237982>